I've recently been learning a lot of cakePHP and i'm getting ready to transfer my live websites infrastructure to cakePHP.
The problem is that on my live website, I used bcrypt encryption that looks something like this
$str = substr($username, 0, 3);
$salt = '$2a$12$soPld43fs5lo09lMsjU'.$str.'$';
$crypter_pass = crypt($password, $salt);
And I would save, in the database, the $salt and $crypter_pass
Now i'm planning to use bcrypt with cakePHP as well, but I don't really know how to 'merge' these two methods to provide a smooth transition for users.
A method I was thinking of was only using a 'username' to login. No need for a password. And when the user logs in he is then instantly asked to fill out a new a password.
This method can work because I only have ~200 users so there's not really a chance of other people logging in and compromising other peoples accounts.
Though a solution would be awesome, i'm more looking for the correct 'term' that I should google to figure out how to do this. Or the specific method that i'd need to learn to do this.
Thanks!
Check these links out, CakePHP already supports different hashing methods and bcrypt.
If your own hashing method is different the best way is to validate the hash on login against the hold hash using the old hashing method. If its true use the plain password and hash it using the new hash method and save it and you've migrated it "on the fly". If the old hash check fails check against the second, the new hash method. You could flag your users as migrated and when they're all done stop using both checks.